Resources
Selected articles
Offline Autoruns Revisited - Auditing Malware Persistence
Investigating PowerShell: Command and Script Logging
Device Profiling with Windows Prefetch
What is New in Windows Application Execution?
Mo’ Shells Mo’ Problems – Web Server Log Analysis
Getting Started with Linux Memory Forensics
Computer Forensics How-To: Microsoft Log Parser
NTFS $I30 Index Attributes: Evidence of Deleted and Overwritten Files
OpenSaveMRU and LastVisitedMRU
Finding Registry Malware Persistence with RECmd
Cloud Storage Acquisition from Endpoint Devices
SANS FOR500: Windows Forensic Analysis - Updated for Windows 11 and Beyond
Power Up Memory Forensics with Memory Baseliner
Updated Windows Forensic Analysis Poster
Workshops

Videos
Slides






